Advertising Platform Privacy Policy
Last Updated: September 30, 2024
Table of Contents:
About Us
How We Collect User Information
Information Our Clients and Vendors Collect Independently
Use of User Information
Cooperation with Clients in the European Union
Information We Collect, Use, Disclose, and the Purposes for such Disclosure
Your Privacy Rights & Choices
Additional Information for Residents of Certain States
Information Retention
Security
Self-regulatory mechanisms
Data Transfers and EU-U.S. Data Privacy Framework, UK Extension to the EU-US Data Privacy Framework, and Swiss-U.S Data Privacy Principles
Changes to this Policy
Contact Us
This policy explains how Magnite, Inc. (“Magnite,” we” or “us”) collects, uses and discloses information about you when you interact with Digital Media Properties (defined below) that use our advertising technology platforms and related services to deliver you ads (collectively, the “Services”).
This privacy policy does not govern (i) the collection and use of information about visitors to our website, or (ii) information collected in the course of our sales and marketing activities. Our privacy practices as to that information can be found here. This policy also does not govern the collection, use and disclosure of information by our clients through their Digital Media Properties, the activities of other third parties we may work with, or any activities where we act as a service provider or processor to our clients rather than a data controller. Those practices are governed by our clients’ own privacy policies.
About Us
Magnite offers Services that connect buyers of advertising inventory (which we refer to as advertisers) with sellers of advertising inventory (which we refer to as publishers), providing such buyers with the opportunity to display an advertisement on a seller’s Digital Media Property. In this policy, we refer to our buyers and sellers collectively as “Clients”. Our platform is used to deliver digital advertising inventory on websites and applications across Internet-connected devices and platforms, including mobile devices, computers and internet-connected TVs (which we collectively refer to as “Digital Media Properties”).
How We Collect User Information
We (and our service providers) use different technologies (collectively “Tracking Technologies”), including cookies and other similar technologies to collect information automatically from your device when you visit a Digital Media Property that uses our technology.
When doing so, we collect certain information about you and your device (collectively, “User Information”). User Information does not include information that directly identifies an individual, such as name, address, phone number, or email address. However, the User Information we collect is considered “personal data” or “personal information” under applicable privacy and data protection laws.
In particular, we collect information such as your IP address, cookie data, and other device identifiers, and may also assign new identifiers to your device or browser based on this data and other device-related information we collect as described in more detail here. These identifiers help us to recognize a particular device without knowing the identity of the user of that device. This helps us, our Clients, and our partners (such as third party advertising platforms) select appropriate advertisements to display to you.
Information Our Clients and Vendors Collect Independently
We collaborate with various third-parties for analytics and advertising services, which independently gather and use User Information. These third-party services provide our Clients with additional ways to deliver targeted ads using our technology.
For example, third-party companies may use data about your visits to Digital Media Properties across multiple devices or browsers to create advertising profiles that allow advertisers to deliver more personalized content and ads. Our advertiser clients can combine this data with the information we collect to deliver targeted ads or create audience segments for advertising on Digital Media Properties. Our clients and their vendors may use their own tags, pixels, cookies, or similar technologies within ads and on certain third-party platforms and Digital Media Properties. We are not responsible for the tracking technologies or privacy practices of our Clients or their vendors.
Please review our Platform Cookie Statement for more information.
Use of User Information
We and our Clients use User Information to guide decisions on buying and selling advertising space on Digital Media Properties. This data, which may also be combined with information from third-party services, helps deliver targeted ads that our Clients believe will interest specific users. When an ad is shown on a publisher’s site, it may also be targeted based on the content that you are viewing or have viewed, for example a travel ad appearing on a travel site. Tracking Technologies help to match client’s advertising opportunities with the right advertisements. To do so, we may perform cookie syncing between Clients, Magnite, third party data provider and/or advertiser client cookies. This cookie synching process allows the parties to map their respective cookie information. For example, if publisher A sets a cookie on a user’s device with an ID 12345 and advertiser B sets a cookie on the same user’s device with an ID 67890, cookie synching would enable publisher A and advertiser B to recognize that ID 12345 and ID 67890 relate to the same user’s device. In the case of advertisers, cookie syncing may influence the decision whether to bid on a specific advertising opportunity, because if an advertiser recognizes a given cookie ID it may place a higher value on that opportunity.
We also use these technologies to prevent users from seeing the same ad repeatedly, enhance ad delivery, report to clients, and assess ad effectiveness.
This processing may constitute “targeted advertising” under some laws and the “sale” or “sharing” of personal information under other laws.
Cooperation with Clients in the European Union
In the European Union, we and our Clients may act in limited circumstances as joint controllers under the GDPR for the collection of User Information on Digital Media Properties. In this case, this joint controllership is limited to setting and collecting identifiers and User Information on the Digital Media Properties and transmitting this information to us (“Joint Processing“). Further processing of Your information is our sole responsibility and we act as an independent controller.
We have put contractual arrangements in place with our Clients that set out the distribution of responsibilities between us and our Client. Accordingly, our Clients establish the necessary legal basis for this Joint Processing by obtaining consent on the Digital Media Properties and providing the required transparency information. We and our Clients cooperate to fulfill our obligations under the GDPR, especially regarding collaboration with data protection authorities.
If you wish to exercise your rights under the GDPR concerning Joint Processing, please contact us via the User Choice Portal.
Information We Collect, Use, Disclose, and the Purposes for such Disclosure:
Types of data we collect:
- Device Characteristics: device identifiers, IP address, authentication-derived identifiers such as hashed email, probabilistic identifiers and other advertising identifiers.
- Browsing and Interaction Data: information about the domain, topic or name of the property, the date/time of visits, the search terms you enter, visitor activities and actions, viewability data, the video title, video player size, description or category being displayed, click data, types of advertisements viewed, type of browser you use, app version, and the page you visited before navigating to the Digital Media Properties.
- User’s Profiles, User behavior data, derived information: user demographics, information with respect to a user’s preferences, patterns, click and video interactions, behaviors or interests, and information provided to us by advertisers and advertising platforms to match an advertisement opportunity offered by our Clients with the right advertisement.
When you visit Digital Media Properties that use our technology, we collect, use and disclose the following information to the listed recipients for the indicated purposes:
| Category & Types of User Information we collect | Categories of RecipientsWe may disclose personal information to… | PurposesWe use personal information to… |
|---|---|---|
| Device characteristics | • Our Clients; • Magnite Affiliates; • Our vendors and service providers; • Our Partners; • In connection with a business transfer; • Law enforcement or others in legal proceeding; • To protect the rights of Magnite or others. | • Select advertising using limited data; • Create profiles for personalised advertising; • Use profiles to select personalised advertising; • Create profiles to personalise content; • Measure advertising performance; • Understand audiences through statistics or combinations of data from different sources • Develop and improve services; • Ensure security, prevent and detect fraud, and fix errors; • Deliver and present advertising and content; • Save and communicate privacy choices. |
| Browsing and Interaction Data | ||
| Non-precise Location data | ||
| User’s Profiles, User behavior data, derived information | ||
| Precise Location Data (which is “sensitive personal information” under certain State Privacy Laws) |
| Category & Types of User Information we collect |
| Device characteristics |
| Browsing and Interaction Data |
| Non-precise Location data |
| User’s Profiles, User behavior data, derived information |
| Precise Location Data (which is “sensitive personal information” under certain State Privacy Laws) |
| Categories of RecipientsWe may disclose personal information to… |
| • Our Clients; • Magnite Affiliates; • Our vendors and service providers; • Our Partners; • In connection with a business transfer; • Law enforcement or others in legal proceeding; • To protect the rights of Magnite or others. |
| PurposesWe use personal information to… |
| • Select advertising using limited data; • Create profiles for personalised advertising; • Use profiles to select personalised advertising; • Create profiles to personalise content; • Measure advertising performance; • Understand audiences through statistics or combinations of data from different sources • Develop and improve services; • Ensure security, prevent and detect fraud, and fix errors; • Deliver and present advertising and content; • Save and communicate privacy choices. |
Our Legal Basis For Processing
In the European Economic Area we rely on different legal bases to process your information for the various purposes described in this Privacy Policy. For each purpose below, we describe the legal basis for our processing.
The categories and types of User Information we collect and process are found in the above chart along with the third parties that we share this data with. All of the User Information listed above is processed for all purposes listed above.
| Purposes | Legal basis | Legitimate Interest reasoning, if applicable |
|---|---|---|
| Use limited data to select advertising | Consent or legitimate interests according to the choice of our Clients (see the information in the CMP of our Client). | If we rely on legitimate interests, these are to connect connect buyers of advertising inventory (advertisers) with sellers of advertising inventory (publishers) without personal data. |
| Create profiles for personalised advertising | Consent | |
| Use profiles to select personalised advertising | Consent | |
| Create profiles to personalise content | Consent | |
| Use profiles to select personalised content | Consent | |
| Measure advertising performance | Consent or legitimate interests according to the choice of our Clients. | If we rely on legitimate interests, these are to measure the use of our platforms to inform business decisions and to enable provision of accurate and reliable reporting. |
| Measure content performance | Consent or legitimate interests according to the choice of our Clients. | If we rely on legitimate interests, these are to measure the use of our platforms to inform business decisions and to enable provision of accurate and reliable reporting. |
| Understand audiences through statistics or combinations of data from different sources | Consent | |
| Develop and improve services | Consent or legitimate interests according to the choice of our Clients. | If we rely on legitimate interests, these are to evaluate the use of the services and adoption of new features to inform the development of future features and improve product direction and development. |
| Use limited data to select content | Consent | |
| Ensure security, prevent and detect fraud, and fix errors | Legitimate Interests | These legitimate interests are:To secure our systems and detect and investigate threats, infringement, harmful or unlawful activities and promote safety, integrity and security on our platforms. |
| Deliver and present advertising and content | Legitimate Interests | These legitimate interests are:To connect connect buyers of advertising inventory (advertisers) with sellers of advertising inventory (publishers). |
| Save and communicate privacy choices | Legitimate Interests | These legitimate interests are:To be able to save and communicate privacy choices reflecting Users choices, including their privacy settings. |
| Purposes |
| Use limited data to select advertising |
| Create profiles for personalised advertising |
| Use profiles to select personalised advertising |
| Create profiles to personalise content |
| Use profiles to select personalised content |
| Measure advertising performance |
| Measure content performance |
| Understand audiences through statistics or combinations of data from different sources |
| Develop and improve services |
| Use limited data to select content |
| Ensure security, prevent and detect fraud, and fix errors |
| Deliver and present advertising and content |
| Save and communicate privacy choices |
| Legal basis |
| Consent or legitimate interests according to the choice of our Clients (see the information in the CMP of our Client). |
| Consent |
| Consent |
| Consent |
| Consent |
| Consent or legitimate interests according to the choice of our Clients. |
| Consent or legitimate interests according to the choice of our Clients. |
| Consent |
| Consent or legitimate interests according to the choice of our Clients. |
| Consent |
| Legitimate Interests |
| Legitimate Interests |
| Legitimate Interests |
| Legitimate Interest reasoning, if applicable |
| If we rely on legitimate interests, these are to connect connect buyers of advertising inventory (advertisers) with sellers of advertising inventory (publishers) without personal data. |
| If we rely on legitimate interests, these are to measure the use of our platforms to inform business decisions and to enable provision of accurate and reliable reporting. |
| If we rely on legitimate interests, these are to measure the use of our platforms to inform business decisions and to enable provision of accurate and reliable reporting. |
| If we rely on legitimate interests, these are to evaluate the use of the services and adoption of new features to inform the development of future features and improve product direction and development. |
| These legitimate interests are:To secure our systems and detect and investigate threats, infringement, harmful or unlawful activities and promote safety, integrity and security on our platforms. |
| These legitimate interests are:To connect connect buyers of advertising inventory (advertisers) with sellers of advertising inventory (publishers). |
| These legitimate interests are:To be able to save and communicate privacy choices reflecting Users choices, including their privacy settings. |
Some jurisdictions may require consent in order to collect and process personal data. In all situations where you have been specifically asked by our partners or by us for your consent prior to processing, we may rely on that consent until you withdraw it. If we rely on consent to collect and/or process your User Information, we will obtain such consent in accordance with applicable law.
In some cases, we may need to process your User Information because we are required to do so by law.
In other cases, we may rely on our legitimate interests to collect User Information from you, except where such interests are overridden by your data-protection interests or fundamental rights and freedoms.
Your Privacy Rights and Choices
Opt-Out
Depending upon where you live, certain activities described here may constitute “sharing” “selling” or processing of User Information for purposes of “targeted advertising” as such terms are defined under certain privacy laws. You may opt out of these activities, as well as certain processing of sensitive personal information we may undertake by following the instructions in our User Choice Portal.
Note that because these opt outs are specific to the device or browser on which they are exercised, you will need to opt out on each browser and device.
Access, Deletion, Correction, Portability, Withdrawal of consent
In addition, depending on where you reside and other legal limitations, you may have the right to (i) request to know more about and access the categories and specific pieces of User Information we collect, use, and disclose, (ii) request deletion or restriction of your personal information, (iii) request correction of inaccurate personal information, (iv) obtain your User Information in a portable format and/or (v) if the processing of User Information is based on your consent, withdraw your consent at any time
If you would like to exercise any of these rights, please see our User Choice Portal for instructions on how to do so.
We will not discriminate against you for exercising these rights. Note that when you exercise your rights, we may ask for additional information to verify your request.
Right to Lodge a Complaint if you are a User in the EEA, UK, and Switzerland:
You have the right to lodge a complaint about our processing of personal data with a European Data Protection Authority. For contact details of EU data protection authorities, please see here. The UK data protection authority can be contacted here. The Swiss data protection authority can be contacted here.
Your Rights under certain State Laws
If you are a resident of a state governed by a State Privacy Law, please see our User Choice Portal section above to exercise your rights. If we deny your request, you may have the right to appeal our decision by contacting us here. If you have concerns about the result of an appeal, you may contact the attorney general in the state where you reside.
Authorized Agents
Depending upon where you live, you may also submit a rights request through an authorized agent. If you do so, the agent must present signed written permission to act on your behalf and you may also be required to independently verify your identity. If you are agent seeking to make a request, please contact us here.
Additional Information for Residents of Certain States
Certain states, including California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia, have enacted consumer privacy laws that grant their residents certain rights and require additional disclosures (“State Privacy Laws”). If you are a resident of a state governed by a State Privacy Law this section applies to you. This section also serves as our California Notice at Collection. As a reminder, disclosures do not apply to the extent we act as a service provider or processor to our clients. In such cases, you must visit the privacy policies of our clients to understand how data is processed about you and to exercise your rights.
This policy explains how we collect (including the sources of collection), use, disclose, and retain information about you in connection with our platforms. As required by certain State Privacy Laws, refer to this table to explain this same information, including the categories of personal information we collect, the types of entities to which we disclose it, and the ways we use each category of information. The table explains our practices today and over the preceding 12 months.
In some cases, we may de-identify personal information so that it no longer identifies you and use this information for purposes like analyzing the effectiveness of the Services. We will use this information in de-identified form and we will not attempt to reidentify it, unless required by law
We do not knowingly sell or share personal information about consumers under the age of 16, or the permitted legal age, where older.
Annual Request Statistics
During the period from January 1, 2023 to December 31, 2023, we received the following number of requests from individuals:
Requests to know from individuals in the United States: 15 requests. We processed the requests within a medium timeframe of 5 days; however, these requests were denied because we were unable to verify the identity of the individual making the request.
Requests to delete from individuals globally, inclusive of the US and other countries: 26 requests, and we processed these requests within a medium timeframe of 5 days; however, these requests were denied as we did not have any information relating to the individual’s information making the request.
Requests to opt out from individuals, globally: we honor users’ requests to opt out of interest-based advertising and any potential sales of personal information, as explained in this Policy. We received 2,258,275 requests to opt out, and these requests were completed in approximately real time.
Information Retention
We store the User Information we collect for as long as is necessary for the purpose(s) for which we originally collected it, or for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations.
We typically store the User Information we collect from your device, such as IP address and other information described above, in our systems for up to 90 days before we anonymize and aggregate that data into summary reports.
Security
We use industry-standard technical and organizational security measures to help protect information transmitted over or stored on our systems. Please note, however, that no transmission or storage of information can ever be guaranteed to be completely secure.
Self-regulatory mechanisms
To note, Magnite participates in the IAB Europe Transparency & Consent Framework and complies with its specifications and policies. Magnite’s identification number(s) within the framework are 52 (DV+), 202 (Magnite CTV), 293 (SpringServe), and 493 (Magnite Carbon AI).
Magnite is a member of the Network Advertising Initiative’s (“NAI”) For more information about how targeted advertising works, you can visit the NAI educational page.
Finally, Magnite adheres to the Digital Advertising Alliance (“DAA”) Self-Regulatory Principles, and the European Digital Advertising Alliance’s (“EDAA”) Self-Regulatory Principles.
Data Transfers and EU-U.S. Data Privacy Framework, UK Extension to the EU-US Data Privacy Framework, and Swiss-U.S Data Privacy Principles:
Magnite is a global company headquartered in the United States, with offices and data centers around the world.). If you access Digital Media Properties, your data may be transferred to, stored and processed by us in countries outside the United States, and by those third parties with whom we may share your User Information (as described in this policy) in the countries in which they operate.
Some countries may not provide a level of data protection for User Information that is equivalent to the data protection laws in your country. We will however implement appropriate safeguards where Magnite group of companies, or any third parties with whom we share data, receive User Information originating from the EEA, Switzerland or the UK in accordance with applicable data protection legislation.
Magnite, Inc. and its US subsidiary, Magnite Hopper, Inc., commit to comply with the EU-US, the UK extension and Swiss-US Data Privacy Frameworks as set forth by the US Department of Commerce with respect to personal information concerning individuals from the EEA, UK and Switzerland. If there is any conflict between the terms in this Privacy Policy and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern.
If you would like to learn more about the safeguards we put in place for international transfers, please see our Data Privacy Framework Notice to learn more or contact us using the contact details further below.
Changes to this Policy
We may update this policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. If we make material changes to this policy, we will notify you of any material changes by posting the revised policy on this website, and where necessary, by any other means required by applicable law.
Contact Us
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact Magnite’s Privacy Team by e-mail at [email protected] or by post using the details provided below:
1250 Broadway, 15th Floor, New York, New York 10001
You can also contact Magnite’s Data Protection Officer at [email protected].
If you are based in the EU you can contact our EU Representative:
[email protected]
Lionheart Squared (Europe) Ltd (FAO – Magnite),
2 Pembroke House, Upper Pembroke Street 28-32,
Dublin, DO2 EK84, Republic of Ireland.